The scenario is as follows: I have two ASA5510s running version 8.0(5), connected over the Internet via an IPsec dynamic-to-static L2L tunnel (obviously the static one is at HQ). It works perfectly fine with no issues. I have configured remote access VPN to terminate on HQ's ASA and it works fine as well.
Now I'm trying to grant RA clients access to resources residing on the branch (dynamic ASA), but to no avail.
I got it to work, thanks for the post. I always did the testing from the VPN client (remote users) but it didn't work. Then I thought to try pinging from the subnet behind the ASA (dynamic L2L tunnel), and amazingly it started working. The issue was that the users were unable to initiate the session; once the tunnel was established from the ASA side, the remote users were granted access to all resources behind the ASA.